diff options
| author | Ian Abbott <[email protected]> | 2015-07-07 17:06:52 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <[email protected]> | 2015-07-14 18:22:19 -0700 |
| commit | 0e0d311ebd589e65b8e5559e067d0dd109ac3434 (patch) | |
| tree | a914c5fde703a9a8d0c586bc8c8929764f2c6b8f /include/linux/stackprotector.h | |
| parent | 4fff0fea6d8821b1e521b7d38ea6d69c47e21efc (diff) | |
staging: comedi: use CAP_SYS_ADMIN instead of CAP_NET_ADMIN
If the "comedi" module has been loaded with the
"comedi_num_legacy_minors" module parameter set to a non-zero value,
some reserved comedi devices get created. These can be attached to a
low-level comedi driver using the `COMEDI_DEVCONFIG` ioctl command,
which checks for the `CAP_SYS_ADMIN` capability. Of course, the comedi
device needs to be opened before the ioctl command can be sent. If the
comedi device is unattached, `comedi_open()` currently requires the
`CAP_NET_ADMIN` capability. It makes more sense to just require the
`CAP_SYS_ADMIN` capability here, so change it.
For the curious, commit a8f80e8ff94e ("Networking: use CAP_NET_ADMIN
when deciding to call request_module") changed this capability from
`CAP_SYS_MODULE` to `CAP_NET_ADMIN`, even though it doesn't seem
relevant here. The original `CAP_SYS_MODULE` capability was due to the
function having some code to request a module using a "char-major-%i-%i"
alias, but that was never compiled in and was removed by commit
f30f2c2d417b ("staging: comedi: remove check for CONFIG_KMOD").
Signed-off-by: Ian Abbott <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Diffstat (limited to 'include/linux/stackprotector.h')
0 files changed, 0 insertions, 0 deletions